All, Unfortunately SUN SEAM kerberos does *not* seem to do that. Users have to wait upto one hour when the *full* prop occurs. (SUN Support indicated that the krb5 propagation cannot do delta...instead it does a full transfer each time... it is sooo clunky...)
-subu email: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeffrey Altman Sent: Wednesday, April 14, 2004 1:09 PM To: [EMAIL PROTECTED] Subject: Re: scaling problems [EMAIL PROTECTED] wrote: > Hi, folks > > 2) Users wouldn't be happy if they were unable to login one hour every > time they change password. > > So, logical consequence is that master must answer all TGT requests. > Having a slave around in case master dies is better than nothing, but > slave should never get the TGT requests as long as the master is alive. Of course the user would not be happy this way. If the TGT request fails because of an incorrect password, the client checks to see whether or not the KDC contacted was in fact the master. If not, it sends a request to the master. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
